<?php
require_once "db.php";
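session_start();

// Password-change endpoint: checks the current password of the logged-in
// account and, when both new-password fields agree, stores the new hash.
//
// NOTE(security): passwords are stored as unsalted MD5, which is cheap to
// brute-force. Moving to password_hash()/password_verify() needs a coordinated
// change of the login code and of the stored hashes, so the scheme is kept here.
// NOTE(review): no CSRF token is checked in this script - confirm that the
// submitting form or a shared include covers it.

// Read every input defensively: a missing key or an array-valued field
// (e.g. old_pass[]=x) must not reach md5() or the SQL text.
$userid = isset($_SESSION['uid']) ? $_SESSION['uid'] : null;
$old_pass = isset($_POST['old_pass']) ? $_POST['old_pass'] : null;
$new_pass1 = isset($_POST['new_pass1']) ? $_POST['new_pass1'] : null;
$new_pass2 = isset($_POST['new_pass2']) ? $_POST['new_pass2'] : null;

if (!is_scalar($userid) || $userid === '' || $userid === false) {
	// Without a session uid the queries below would run against idaccounts=''.
	echo 'You are not logged in!';
}
elseif (!is_string($old_pass) || !is_string($new_pass1) || !is_string($new_pass2)) {
	echo 'Missing password fields!';
}
else {
	// The uid comes from the session, but it is still escaped before being
	// placed inside the quoted SQL literal (defence in depth).
	$userid_sql = db_escape((string) $userid);

	$check_oldpass_query_text = "SELECT password FROM accounts WHERE idaccounts='$userid_sql'";
	$check_oldpass_query = db_query($check_oldpass_query_text);
	// presumably db_query() returns a mysqli_result, or a falsy value on failure - verify in db.php
	$row = $check_oldpass_query ? mysqli_fetch_assoc($check_oldpass_query) : null;

	// hash_equals() is a strict, constant-time string comparison. The loose
	// != used before treats two different hex digests of the form "0e<digits>"
	// as equal numbers, which would accept a wrong old password.
	if (!is_array($row) || !hash_equals((string) $row['password'], md5($old_pass))) {
		echo 'Wrong old password!';
	}
	elseif ($new_pass1 !== $new_pass2) {
		// Compare the submitted strings themselves, strictly, instead of
		// loosely comparing their digests.
		echo 'The new passwords does not match!';
	}
	else {
		$new_hash = db_escape(md5($new_pass1));
		$update_pass_query_text = "UPDATE accounts SET password = '$new_hash' WHERE idaccounts='$userid_sql'";
		$update_pass_query = db_query($update_pass_query_text);

		// Only report success when the UPDATE did not fail.
		// assumes db_query() returns false on failure - TODO confirm in db.php
		if ($update_pass_query === false) {
			echo 'Could not change the password!';
		}
		else {
			echo 'Your password was chanched! Do not forget it.';
		}
	}
}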

